package com.alinesno.cloud.platform.bootadmin.web;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

import de.codecentric.boot.admin.server.config.AdminServerProperties;
import de.codecentric.boot.admin.server.config.EnableAdminServer;

/**
 * SpringBoot2 Admin监控中心
 * 
 * @author WeiXiaoJin
 * @since 2019年2月16日 上午8:46:14
 */
@SpringBootApplication
@EnableAdminServer
public class SpringBootAdminApplication {

	public static void main(String[] args) {
		SpringApplication.run(SpringBootAdminApplication.class, args);
	}

	@Configuration
	public static class SecuritySecureConfig extends WebSecurityConfigurerAdapter {

		private final String adminContextPath;

		public SecuritySecureConfig(AdminServerProperties adminServerProperties) {
			this.adminContextPath = adminServerProperties.getContextPath();
		}

		@Override
	    protected void configure(HttpSecurity http) throws Exception {
	        // @formatter:off
	        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
	        successHandler.setTargetUrlParameter("redirectTo");
	        successHandler.setDefaultTargetUrl(adminContextPath + "/");

	        http.authorizeRequests()
	                //授予对所有静态资产和登录页面的公共访问权限。
	                .antMatchers(adminContextPath + "/assets/**").permitAll()
	                .antMatchers(adminContextPath + "/login").permitAll()
	                //必须对每个其他请求进行身份验证
	                .anyRequest().authenticated()
	                .and()
	                //	配置登录和注销。
	                .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
	                .logout().logoutUrl(adminContextPath + "/logout").and()
	                //启用HTTP-Basic支持。这是Spring Boot Admin Client注册所必需的
	                .httpBasic().and()
	                .csrf()
	                //使用Cookie启用CSRF保护
	                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
	                .ignoringAntMatchers(
	                        adminContextPath + "/instances", //禁用CRSF-Protection Spring Boot Admin Client用于注册的端点。
	                        adminContextPath + "/actuator/**" //
	                );
	        // @formatter:on
	    }
	}
	
}